avformat/matroskaenc: Check BlockAdditional size before use

Don't read a 64bit number before having checked that the data is at
least 8 bytes long.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c
index 42f21eae8b7c8e83e02b2a551292024a08a8aebd..9be086237abf82c4a26ae3ef5a1fe6bebfb1a4b1 100644 (file)
--- a/libavformat/matroskaenc.c
+++ b/libavformat/matroskaenc.c
@@ -2142,9 +2142,13 @@ static int mkv_write_block(AVFormatContext *s, AVIOContext *pb,
                                         AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL,
                                         &side_data_size);
     if (side_data) {
-        additional_id = AV_RB64(side_data);
-        side_data += 8;
-        side_data_size -= 8;
+        if (side_data_size < 8) {
+            side_data_size = 0;
+        } else {
+            additional_id   = AV_RB64(side_data);
+            side_data      += 8;
+            side_data_size -= 8;
+        }
     }
 
     if ((side_data_size && additional_id == 1) || discard_padding) {